RubyGems - sensu-plugins-ssl - Versions diffs - 1.5.0 → 2.0.0 - Mend

sensu-plugins-ssl 1.5.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +5 -5
data/CHANGELOG.md +16 -1
data/README.md +8 -0
data/bin/check-ssl-qualys.rb +71 -21
data/lib/sensu-plugins-ssl/version.rb +2 -2
metadata +3 -3

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 7e23f7f9bda17a902a794ba2b392db1fab95bc18
-  data.tar.gz: dcfb2876610019130353b96e5eeee56ce760b7bf
+SHA256:
+  metadata.gz: a3a3897180c22577185edd1adc5a1dbf56c40f6bebd440ca0a115d25977ba4ce
+  data.tar.gz: 61647f568fffad2d7a6e9017ef80605ad2cef91f63067e926fef5ed911c3b57c
 SHA512:
-  metadata.gz: 055dd188beb7356eb2c10edfab2db5432343910d4548a6ab4f911860bd27d93814b8e896ea02a54d240c265140ded0edf1209433f1d49c30ad1c45f6f78af200
-  data.tar.gz: 9724710d3b54fb0d20538232cefb3992fa1ef7c707489c4cb6bc15de62a9e098cebb983016396344ee6ca6781af5a87f647ba76e9d6dcee92786ee3041422593
+  metadata.gz: 865092f6bc7e45b28a6e70ad6fe2f97cc4872a5c4e49bcb1ac5de50808529ab83a98cd10a3c94178d8e26fdb0d5ea05bc38fb212e39d64fc7a1942ebeaff348f
+  data.tar.gz: a5367f0f04bb14f7ac3c2e5fa4aea72001ef80d763f688aa8a501774bf360892881a64cbc88d34ee6bf393afc3911d0741cf0bdcaee18895c54bae5a42df0989

data/CHANGELOG.md CHANGED

@@ -5,6 +5,20 @@ This CHANGELOG follows the format listed [here](https://github.com/sensu-plugins
 ## [Unreleased]
+## [2.0.0] - 2018-03-27
+### Breaking Changes
+- `check-ssl-qualys.rb`: when you submit a request with caching enabled it will return back a response including an eta key. Rather than sleeping for some arbitrary number of time we now use this key when its greater than `--between-checks` to wait before attempting the next attempt to query. If it is lower or not present we fall back to `--between-checks` (@majormoses)
+- `check-ssl-qualys.rb`: new `--timeout` parameter to short circuit slow apis (@majormoses)
+### Changed
+- `check-ssl-qualys.rb`: updated `--api-url` to default to `v3` but remains backwards compatible (@jhoblitt) (@majormoses)
+### Added
+`check-ssl-qualys.rb`: option `--debug` to enable debug logging (@majormoses)
+### Fixed
+- `check-ssl-hsts-preloadable.rb`: Fixed testing warnings for if a domain can be HSTS preloaded (@rwky)
 ## [1.5.0] - 2017-09-26
 ### Added
 - Ruby 2.4.1 testing
@@ -91,7 +105,8 @@ This CHANGELOG follows the format listed [here](https://github.com/sensu-plugins
 ### Added
 - initial release
-[Unreleased]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/1.5.0...HEAD
+[Unreleased]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/2.0.0...HEAD
+[2.0.0]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/1.5.0...2.0.0
 [1.5.0]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/1.4.0...1.5.0
 [1.4.0]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/1.3.1...1.4.0
 [1.3.1]: https://github.com/sensu-plugins/sensu-plugins-ssl/compare/1.3.0...1.3.1

data/README.md CHANGED

@@ -46,6 +46,14 @@ or an online CRL:
 Critical and Warning thresholds are specified in minutes.
+### `bin/check-ssl-qualys.rb`
+Checks the ssllabs qualysis api for grade of your server, this check can be quite long so it should not be scheduled with a low interval and will probably need to adjust the check `timeout` options per the [check attributes spec](https://docs.sensu.io/sensu-core/1.2/reference/checks/#check-attributes) based on my tests you should expect this to take around 3 minutes.
+```
+./bin/check-ssl-qualys.rb -d google.com
+```
 ## Installation
 [Installation and Setup](http://sensu-plugins.io/docs/installation_instructions.html)

data/bin/check-ssl-qualys.rb CHANGED

@@ -1,5 +1,6 @@
 #!/usr/bin/env ruby
 # encoding: UTF-8
 #  check-ssl-qualys.rb
 #
 # DESCRIPTION:
@@ -41,6 +42,7 @@
 require 'sensu-plugin/check/cli'
 require 'json'
 require 'net/http'
+require 'timeout'
 # Checks a single DNS entry has a rating above a certain level
 class CheckSSLQualys < Sensu::Plugin::Check::CLI
@@ -56,7 +58,7 @@ class CheckSSLQualys < Sensu::Plugin::Check::CLI
   option :api_url,
          description: 'The URL of the API to run against',
          long: '--api-url URL',
-         default: 'https://api.ssllabs.com/api/v2/'
+         default: 'https://api.ssllabs.com/api/v3/'
   option :warn,
          short: '-w GRADE',
@@ -72,6 +74,12 @@ class CheckSSLQualys < Sensu::Plugin::Check::CLI
          proc: proc { |g| GRADE_OPTIONS.index(g) },
          default: 3 # 'B'
+  option :debug,
+         long: '--debug BOOL',
+         description: 'toggles extra debug printing',
+         boolean: true,
+         default: false
   option :num_checks,
          short: '-n NUM_CHECKS',
          long: '--number-checks NUM_CHECKS',
@@ -82,17 +90,31 @@ class CheckSSLQualys < Sensu::Plugin::Check::CLI
   option :between_checks,
          short: '-t SECONDS',
          long: '--time-between SECONDS',
-         description: 'The time between each poll of the API',
+         description: 'The fallback time between each poll of the API, when an ETA is given by the previous response and is higher than this value it is used',
          proc: proc { |t| t.to_i },
          default: 10
+  option :timeout,
+         short: '-t SECONDS',
+         descriptions: 'the ammount of seconds that this is allowed to run for',
+         proc: proc(&:to_i),
+         default: 300
   def ssl_api_request(from_cache)
     params = { host: config[:domain] }
-    params[:startNew] = 'on' unless from_cache
+    params[:startNew] = if from_cache == true
+                          'off'
+                        else
+                          'on'
+                        end
     uri       = URI("#{config[:api_url]}analyze")
     uri.query = URI.encode_www_form(params)
-    response  = Net::HTTP.get_response(uri)
+    begin
+      response = Net::HTTP.get_response(uri)
+    rescue StandardError => e
+      warning e
+    end
     warning 'Bad response recieved from API' unless response.is_a?(Net::HTTPSuccess)
@@ -107,11 +129,37 @@ class CheckSSLQualys < Sensu::Plugin::Check::CLI
   def ssl_recheck
     1.upto(config[:num_checks]) do |step|
-      json = ssl_check(step != 1)
+      p "step: #{step}" if config[:debug]
+      start_time = Time.now
+      p "start_time: #{start_time}" if config[:debug]
+      json = if step == 1
+               ssl_check(false)
+             else
+               ssl_check(true)
+             end
       return json if json['status'] == 'READY'
-      sleep(config[:between_checks])
+      if json['endpoints'] && json['endpoints'].is_a?(Array)
+        p "endpoints: #{json['endpoints']}" if config[:debug]
+        # The api response sometimes has low eta (which seems unrealistic) from
+        # my tests that can be 0 or low numbers which would imply it is done...
+        # Basically we check if present and if its higher than the specified
+        # time to wait between checks. If so we use the eta from the api get
+        # response otherwise we use the time between check values. We have an
+        # overall timeout that protects us from the api telling us to wait for
+        # insanely long time periods. The highest I have seen the eta go was
+        # around 250 seconds but put it in just in case as the api has very
+        # erratic response times.
+        if json['endpoints'].first.is_a?(Hash) && json['endpoints'].first.key?('eta') && json['endpoints'].first['eta'] > config[:between_checks]
+          p "eta: #{json['endpoints'].first['eta']}" if config[:debug]
+          sleep(json['endpoints'].first['eta'])
+        else
+          p "sleeping with default: #{config[:between_checks]}" if config[:debug]
+          sleep(config[:between_checks])
+        end
+      end
+      p "elapsed: #{Time.now - start_time}" if config[:debug]
+      warning 'Timeout waiting for check to finish' if step == config[:num_checks]
     end
-    warning 'Timeout waiting for check to finish'
   end
   def ssl_grades
@@ -121,23 +169,25 @@ class CheckSSLQualys < Sensu::Plugin::Check::CLI
   end
   def lowest_grade
-    ssl_grades.sort_by! { |g| GRADE_OPTIONS.index(g) } .reverse![0]
+    ssl_grades.sort_by! { |g| GRADE_OPTIONS.index(g) }.reverse![0]
   end
   def run
-    grade = lowest_grade
-    unless grade
-      message "#{config[:domain]} not rated"
-      critical
-    end
-    message "#{config[:domain]} rated #{grade}"
-    grade_rank = GRADE_OPTIONS.index(grade)
-    if grade_rank > config[:critical]
-      critical
-    elsif grade_rank > config[:warn]
-      warning
-    else
-      ok
+    Timeout.timeout(config[:timeout]) do
+      grade = lowest_grade
+      unless grade
+        message "#{config[:domain]} not rated"
+        critical
+      end
+      message "#{config[:domain]} rated #{grade}"
+      grade_rank = GRADE_OPTIONS.index(grade)
+      if grade_rank > config[:critical]
+        critical
+      elsif grade_rank > config[:warn]
+        warning
+      else
+        ok
+      end
     end
   end
 end

data/lib/sensu-plugins-ssl/version.rb CHANGED

@@ -1,7 +1,7 @@
 module SensuPluginsSSL
   module Version
-    MAJOR = 1
-    MINOR = 5
+    MAJOR = 2
+    MINOR = 0
     PATCH = 0
     VER_STRING = [MAJOR, MINOR, PATCH].compact.join('.')

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sensu-plugins-ssl
 version: !ruby/object:Gem::Version
-  version: 1.5.0
+  version: 2.0.0
 platform: ruby
 authors:
 - Sensu-Plugins and contributors
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-09-26 00:00:00.000000000 Z
+date: 2018-03-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sensu-plugin
@@ -220,7 +220,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.6.13
+rubygems_version: 2.7.6
 signing_key:
 specification_version: 4
 summary: Sensu plugins for SSL